ClawHub

wechat-article-reader

v0.1.0

当用户提供微信公众号文章链接(URL 包含 mp.weixin.qq.com)时,必须使用此 skill 读取文章内容,禁止使用 web_fetch、web_search 或其他方式替代。本 skill 通过专用脚本稳定抓取并返回结构化结果,包括标题、发布时间、作者和正文。

1· 143·0 current·0 all-time
by@pangahn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included Python script are consistent: the script fetches mp.weixin.qq.com /s/ pages and parses title/author/time/content. No unrelated env vars, config paths, or external services are requested.
Instruction Scope
SKILL.md instructs running the included script via 'uv run' and explicitly forbids using web_fetch/web_search; the script only fetches the provided WeChat URL, parses HTML, and returns structured JSON. It does not read other files or access other system state.
Install Mechanism
This is instruction-only with no bundled install spec. SKILL.md tells operators to install 'uv' (via Homebrew) and run 'uv sync' to install dependencies; that is a platform-specific requirement but not inherently risky. No downloads from arbitrary URLs or extracted archives are present in the skill bundle itself.
Credentials
No environment variables, credentials, or config paths are required. The script does not read secrets or other environment state; it only issues HTTP requests to the user-supplied WeChat URL.
Persistence & Privilege
The skill is not set to always:true and does not request persistent or cross-skill configuration changes. Autonomous invocation is allowed by default (normal) but is not combined here with broad privileges.
Assessment
This skill appears coherent: it contains a Python script that fetches and parses public WeChat article pages and SKILL.md explains how to run it. Before installing, consider: (1) the skill will perform network requests to user-supplied mp.weixin.qq.com URLs and spoofs a browser UA — verify you are comfortable with automated scraping and any terms-of-service implications; (2) it requires installing 'uv' and Python dependencies (via 'uv sync') — run those installs in a sandboxed or controlled environment if you are unsure; (3) confirm you trust the owner/source since the script will execute code in your environment; (4) if you need stronger guarantees, review the dependencies (curl_cffi, BeautifulSoup) and run the script on test URLs to validate behavior. Overall the package is internally consistent and does not request unexpected secrets or remote callbacks.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b7vc6g2qv72shbkb50sysch83anzq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments